﻿// <copyright file="InformationCardSTSServiceHost.cs" company="SharpSTS">
// Copyright (c) 2007, 2008 All Right Reserved, http://sharpsts.com/
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
// </copyright>
// <author>Barry Dorrans</author>
// <email>barryd@idunno.org</email>
// <date>2008-06-11</date>
// <summary>Provides a service host configured for an information card STS.</summary>

namespace SharpSTS
{
    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Description;
    using System.ServiceModel.Security.Tokens;
    
    using Constants;
    using Properties;

    /// <summary>
    /// Represents an <see cref="ServiceHost"/> correctly configured for information card hosting.
    /// </summary>
    [IdentityErrorHandler]
    internal class InformationCardSTSServiceHost : ServiceHost
    {
        /// <summary>
        /// The certificate used for the STS.
        /// </summary>
        private readonly X509Certificate2 signingCert;

        /// <summary>
        /// Initializes a new instance of the <see cref="InformationCardSTSServiceHost"/> class.
        /// </summary>
        /// <param name="serviceType">Type of the service.</param>
        /// <param name="signingCertificate">The signing certificate.</param>
        public InformationCardSTSServiceHost(Type serviceType, X509Certificate2 signingCertificate)
            : base(serviceType)
        {
            this.signingCert = signingCertificate;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InformationCardSTSServiceHost"/> class.
        /// </summary>
        /// <param name="serviceType">Type of the service.</param>
        /// <param name="baseAddresseses">Base address collection</param>
        /// <param name="signingCertificate">The signing certificate.</param>
        public InformationCardSTSServiceHost(Type serviceType, Uri[] baseAddresseses, X509Certificate2 signingCertificate)
            : base(serviceType, baseAddresseses)
        {
            this.signingCert = signingCertificate;
        }

        /// <summary>
        /// Invoked during the transition of a communication object into the opening state.
        /// </summary>
        protected override void OnOpening()
        {
            base.OnOpening();

            // Don't require derived keys for the issue method
            ServiceEndpoint stsEndpoint = Description.Endpoints.Find(typeof(IWSTrustContract));
            
            if (null == stsEndpoint)
            {
                throw new ServiceActivationException(Resources.ErrorCannotFindEndpoint);
            }

            BindingElementCollection bindingElements = stsEndpoint.Binding.CreateBindingElements();
            SecurityBindingElement sbe = bindingElements.Find<SecurityBindingElement>();
            RsaSecurityTokenParameters rsaParams = new RsaSecurityTokenParameters
                                                       {
                                                           InclusionMode = SecurityTokenInclusionMode.Never,
                                                           RequireDerivedKeys = false
                                                       };
            SupportingTokenParameters requirements = new SupportingTokenParameters();
            requirements.Endorsing.Add(rsaParams);
            sbe.OptionalOperationSupportingTokenParameters.Add(WSTrust.Actions.Issue, requirements);
            stsEndpoint.Binding = new CustomBinding(bindingElements);
            Credentials.ServiceCertificate.Certificate = this.signingCert;
        }
    }
}
